General
Target: JaffaCakes118_78011535521a3978b4d346e6a718035f
Size: 172KB
Sample: 250202-ctafha1ld1
MD5: 78011535521a3978b4d346e6a718035f
SHA1: 46e70b2e3ac4590253195d04a0ada8d548a40db8
SHA256: 11a53e9e2e881dff571966bd2d22719ef5efcc1c273d4b605d0a35ba849fe8ff
SHA512: 896cfb5ff53b44bdcb706c1817fa23965df858d1c3facb4b7364370ecfd4ef47d12c48d8aab3bd677c77febba5a55bd2ae256a51f05084a3095891e39fca1152
SSDEEP: 3072:QCUNqmm+P1qm+gFuyf3xgjWSidRByaKhIcGT3mIhmsJfTPLlwsWUt:5UommTcFuyf3xgjPidRDKWcGT3Zh5Phf
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_78011535521a3978b4d346e6a718035f.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: JaffaCakes118_78011535521a3978b4d346e6a718035f.exe
Resource: win10v2004-20250129-en
Malware Config
Targets
Target: JaffaCakes118_78011535521a3978b4d346e6a718035f
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup (adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine)
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)